| 12345678910111213141516171819202122232425262728293031323334353637383940414243 |
- upstream commento {
- server commento-service-dockerbunker:8080;
- }
- server {
- listen 80;
- server_name ${SERVICE_DOMAIN};
- return 301 https://$host$request_uri;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header X-Frame-Options "DENY" always;
- add_header Referrer-Policy "strict-origin" always;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
- server_tokens off;
- }
- server {
- listen 443 ssl;
- server_name ${SERVICE_DOMAIN};
- ssl_certificate /etc/nginx/ssl/${SERVICE_DOMAIN}/cert.pem;
- ssl_certificate_key /etc/nginx/ssl/${SERVICE_DOMAIN}/key.pem;
- include /etc/nginx/includes/ssl.conf;
- add_header X-Content-Type-Options "nosniff" always;
- add_header X-XSS-Protection "1; mode=block" always;
- add_header X-Frame-Options "DENY" always;
- add_header Referrer-Policy "strict-origin" always;
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
- server_tokens off;
- include /etc/nginx/includes/gzip.conf;
- location / {
- proxy_pass http://commento/;
- }
- location ~ /.well-known {
- allow all;
- root /var/www/html;
- }
- }
|
